iLivid ads lead to ‘Searchqu Toolbar/Search Suite’ PUA (Potentially Unwanted Application)

by


By Dancho Danchev

Our sensors recently picked up an advertisement using Yieldmanager’s ad network, enticing users into downloading the iLivid PUA (Potentially Unwanted Application) on their PCs. Operated by Bandoo Media Inc., the application installs the privacy invading “Searchqu Toolbar”.

More details:

Sample screenshot of the advertisement:

iLivid_SearchSuite_PUA_Rogue_Advertisement_Yieldmanager

Sample screenshot of the download page:

iLivid_SearchSuite_PUA_Rogue_Advertisement_Yieldmanager_01

Detection rate for iLivid – MD5: 468bbe0dc83496cad49597a47341c786 - detected by 3 out of 47 antivirus scanners as Adware.Bandoo.12; Win32/Toolbar.SearchSuite; W32/Toolbar.SEARCHSUITE

Landing URL: lp.ilivid.com - 109.201.151.93

iLivid_SearchSuite_PUA_Rogue_Advertisement_Yieldmanager_02

Known to have responded to the same IP are the following malicious MD5s, which we believe attempted to monetize the malware-infected host through iLivid’s affiliate network:
MD5: 74562e98a305834d84cb6df299a96a63
MD5: 463913c483112676a0c532f94802a6f0
MD5: 0ff6aa66003c2d6e9a4b86c97198a722
MD5: a7dd79393a3882acb8a373d5aebec1ea
MD5: 33da215b4d827b1c74ff8361914f09ed
MD5: 8c92b8c70e5a667bc9084517bc2431c3
MD5: c3c9954178fc0efe04d4b182d3dc3045
MD5: 60d4d1506efc6f444915257a402f76aa
MD5: 70e8fe9b2baf3c39451ed95cb57666a7
MD5: 20b9e917485a52b9dcf7bb1adb05fd95
MD5: 2c5fcb0c1f346097542751e1f5a1d394
MD5: d6390373eb082062688b4a568cea6e37
MD5: d2dc7b3058a64a358f46953f2d2243ac
MD5: 152172ad3cbd0e52bd3291a61d7153ed

What’s so special about iLivid and why should you avoid using it? Going through iLivid’s FAQ, we can easily spot the following:

iLivid may automatically receive and record certain non-personally identifiable information on its server logs from your browser, including your IP address, browser type, internet service provider (ISP), cookie information, and
the webpage that a user visits. iLivid collects non-personally identifiable information for general purposes, including but not limited to analyzing trends, administering the site, tracking user movements, conducting research,
and providing anonymous reporting to internal and external clients. iLivid will not link any Personal Information, including e-mail addresses, with aggregate data of its users.

iLivid_SearchSuite_PUA_Rogue_Advertisement_Yieldmanager_03

To avoid continuously feeding URLs you visit to a third-party who will monetize access to this data by sharing it with more parties, we advise you not to install iLivid.

You can find more about Dancho Danchev at his LinkedIn ProfileYou can also follow him on Twitter.


Trackbacks

  1. […] network, are promoting more Potentially Unwanted Applications (PUAs) courtesy of Bandoo Media Inc and their subsidiary Koyote-Lab […]